1. Describe the risk analysis process goals. Why is each goal important? Define quantitative success criteria for each goal.
a. Analyze risk in a cost efficient manner. 20%
Budget must always be in the back of your mind. The point is how much effort you put into the risk. It should be based upon the risk level of the item being worked.
b. Refine the risk context. 15%
Study the risk and determine how it fits into the “pig picture”. I may be a low priority, but have a big impact on the whole of the system.
c. Determine the source of risk. 15%
Probably the most import part of the process. But it is not always possible.
d. Determine risk exposure. 15%
Knowing how the risk is accessible is a concern. If it is something that is internal it can be dealt with easier than if it was a user induced risk.
e. Determine the time frame for action. 15%
Critical risks need to be addressed first and then priority wise down the line.
f. Determine the highest severity risks. 20%
Identifying the severity and priority of the risks is very important so you can deal with the important ones first.
2. List five ways that a risk database can assist the risk analysis process. How would you ensure that the risk database is maintained?
1. Grouping similar and related risks.
2. Determine risk drivers and their source.
3. Using risk analysis techniques and tools.
4. Estimate risk exposure.
5. Evaluate risk against criteria and rank relative to other risks.
Responsible individuals update the risk database with current and previous priority. The risk database maintains the total number of weeks on the risk list.
3. What are risk drivers? Describe the known software project risk drivers for both cost and schedule. Develop a matrix to show how these risk drivers relate to each other.
Risk drivers are the variables that cause the probability and consequence of software risk to fluctuate significantly.
Additional cost drivers are factors found in software cost-estimation models. Schedule drivers include the items on your critical path.
4. Why is it important to determine the source of risk? Describe the techniques that are available to understand the root cause of risk.
The root cause is important because if it is not found you will be just applying a band aid to a larger problem. The band aid will eventually fall off and you are left with the same problem.
One technique to determine the root cause of a problem is to keep asking the same question, “Why?” five times for each risk. This has you asking the same question, but finding different answers. This will help you determine the cause of the risk by looking at the risk from several different angles.
5. Unrealistic schedule and budget has been identified as a risk. Perform a causal analysis to prevent this problem on your next assignment. What are the chances that your corrective actions will be implemented successfully? Why do you think so?
You can use a number of different techniques. Such as:
Structure states the decision, alternatives, uncertainties, and value of outcomes and specifies their relationships. Influence diagrams and decision trees are useful in structuring a decision model and describing possible scenarios.
Analyze the decision model to determine the important variables and define their probabilistic relationships.
Evaluate the decision model by calculating possible outcomes to determine risk profiles and the optimal decision policy.
Communicate risk analysis results by sharing understanding and insights to facilitate decision making. Results of risk analysis can be made accessible by storage in a centralized risk database.
Using the above steps you can define the issue at hand and help create a road map to a solution.
6. You are the technical leader of a project that is on the cutting edge of wireless communication technology. Time to market is critical to your project’s success, but there is a shortage of people with domain experience. Use the risk analysis technique of your choice to structure, analyze, evaluate, and communicate this risk.
To start off we must identify the problem. The issue is an experience problem in a particular area. Sending personnel to training would be the most effective solution, however we have a time to market deadline. So our other options would be to hire a consultant to do training, hire a private contractor with the necessary experience, or find a firm that has the experience we need and contract the job to them.
Since this is a new venture we will assume the budget is a little flexible. So let’s look at each option:
Hire a consultant to conduct training. This option will be very effective, however it can clause timeline problems.
Hire a private contractor to do the work. This can be cost effective and allow you to benefit from the contractors experience. You have to potential issues, finding the right person and trusting that this person has the experience necessary for the job.
Contracting the work out is the best option in this case. You can find a firm that has the knowledge you need and should have the personnel to get the job done quickly.
Lastly recommend all of these scenarios and let management decide on the best one that meets the company’s needs.
7. How can you define time frame for action to help prioritize risks? What is the value of using time to evaluate risk? Give an example that uses time to evaluate risk.
Predefined criteria for evaluating risk ensure that all risks will be judged against the same standard. Risk severity determines relative priority by mapping categories of risk exposure against the criteria of time. Time frame is how soon action is required to prevent the risk from occurring. Risk severity incorporates the time frame for action to arrive at a final, prioritized list of accesses risks. Risk severity groups risks such that the highest priority risks have a risk severity equal to one.
Using time to evaluate risk helps you decide what components need to be accomplished first. By getting the highest risk first you can make sure you project is moving in the direction it needs to.
8. When should risk analysis be qualitative? When should risk analysis be quantitative? Explain your answer.
A risk occurrence should be evaluated qualitative when you are addressing the customer or people who are not involved in the technical aspects of the project. Quantitative should be for management and team matrices so they can see what the goal is and what progress they are making.
9. Many risks are interrelated. Analyze the following compound risk: Unstable requirements with a tight budget will likely cancel the project. Discuss the dependencies that exist between the two risks.
Unstable requirements and tight budget are two of the most difficult things to deal with. The budget controls how much work is put into the project and what resources you have access to. Unstable requirements can cause a lot of rework and the necessity of new equipment or software. Some type of commitment needs to be made to the project and the requirements need to be nailed down for the project to succeed. If the requirements are more firm then the budget can be analyzed to see if the project can be accomplished.
10. Why are consensus-based prioritization schemes useful on software projects? In general, would you expect individuals to agree on risk priorities? Discuss why you would or would not expect agreement.
Nominal group technique is a prioritization scheme that allows a team to come to a consensus quickly on the relative importance of risks by combining individual priorities into team priorities. Individuals rank risks from one to the total number of risks. The summation of all rankings is the risk score. The lowest score is the most important task.
You will get agreement on most of the risks. There will be some that people don’t agree upon, but that will be up to the team manager to highlight these items and discuss them with the group. You won’t get agreement on some tasks because the team will be comprised of people with different backgrounds and experience. But the vast majority of risks will be agreed on in my opinion.
Part II - Chapter 5
1. Describe the risk analysis process goals. Why is each goal important? Define quantitative success criteria for each goal.
2. List five ways that a risk database can assist the risk analysis process. How would you ensure that the risk database is maintained?
3. What are risk drivers? Describe the known software project risk drivers for both cost and schedule. Develop a matrix to show how these risk drivers relate to each other.
4. Why is it important to determine the source of risk? Describe the techniques that are available to understand the root cause of risk.
5. Unrealistic schedule and budget has been identified as a risk. Perform a causal analysis to prevent this problem on your next assignment. What are the chances that your corrective actions will be implemented successfully? Why do you think so?
6. You are the technical leader of a project that is on the cutting edge of wireless communication technology. Time to market is critical to your project’s success, but there is a shortage of people with domain experience. Use the risk analysis technique of your choice to structure, analyze, evaluate, and communicate this risk.
7. How can you define time frame for action to help prioritize risks? What is the value of using time to evaluate risk? Give an example that uses time to evaluate risk.
8. When should risk analysis be qualitative? When should risk analysis be quantitative? Explain your answer.
9. Many risks are interrelated. Analyze the following compound risk: Unstable requirements with a tight budget will likely cancel the project. Discuss the dependencies that exist between the two risks.
10. Why are consensus-based prioritization schemes useful on software projects? In general, would you expect individuals to agree on risk priorities? Discuss why you would or would not expect agreement.
Project Home Next Section